As we prepare to ring in the new year, the ever-evolving cybersecurity landscape promises to bring new cyber threat actors, vulnerabilities, and weaknesses to counter. As technology evolves, so do cyber threat actors’ tactics, techniques, and procedures (TTPs) to take advantage of unsuspecting organizations for personal gain. Here are our top five predictions for cybersecurity threats that organizations will confront in 2024:
1) Human-operated Ransomware Is Here to Stay
Human-operated ransomware attacks have been a persistent threat, and we anticipate that they’ll continue to evolve. This year, we saw major companies like MGM Resorts International and Caesars Entertainment lose hundreds of millions of dollars in very high-profile, human-operated ransomware attacks. These attacks involved cybercriminals making fraudulent phone calls to unsuspecting employees and help desks to phish for credentials. The attackers then used those credentials to access the network and deploy ransomware. The large payout of these attacks is likely to entice cybercriminals to employ more advanced encryption techniques and diversify their targets to include not only large enterprises but also small and medium-sized businesses in 2024.
2) The Rise of AI-generated Threats
In 2023, we saw widespread interest in and adoption of artificial intelligence (AI) tools like ChatGPT. Unfortunately for us, cybercriminals also took notice and began leveraging AI to automate and optimize their attacks, despite the safeguards put in place to prevent such misuse. In one reported instance, a cyber threat actor used AI to create a convincing three-paragraph phishing email asking its target for help with an urgent invoice. While this incident falls short of AI creating actual malicious code, we can expect an increase in AI-powered malware that adapts and learns from its environment, making it more challenging to detect and mitigate in the future.
3) Supply Chain Attacks
As organizations become more interconnected and reliant on third-party applications, the software supply chain becomes an attractive target for cybercriminals. For instance, in 2023, we saw cyber threat actors take advantage of a vulnerability in the MOVEit file transfer tool, which supports the exchange of large amounts of data between servers, systems, and applications. As a result, multiple US government entities and private organizations were targeted for ransom after attackers exploiting unpatched MOVEit instances stole large swaths of private citizen and customer data. This vulnerability has impacted millions of people in the US alone. We predict an increase in attacks targeting the software supply chain, aiming to compromise the integrity of widely used applications and services in the coming year.
4) Mandatory Cybersecurity Self-Assessments Coming
In the coming year, we can anticipate that both the United States and the European Union will push to implement significant cybersecurity initiatives like adopting mandatory self-assessment protocols. Both the US and EU have already enacted laws mandating that breaches involving customer data be reported. We expect that there will be a push to further those laws by taking a more proactive approach to cybersecurity that includes adversarial exercises or continuously attacking one’s environment to understand its weaknesses and vulnerabilities. The mandatory self-assessments will likely require organizations to evaluate their cybersecurity measures, identify vulnerabilities, and implement necessary safeguards.
5) Critical Infrastructure
As the United States and the West become more engaged in global conflicts, like those in Ukraine and Israel, the probability of them becoming targets for cyberattacks on critical infrastructure, such as the energy, transportation, and healthcare sectors, has increased for the new year. Cyber threat actors may target the West for financial gain through ransom demands, for geopolitical motivations, or even for sabotage to destabilize a region or nation. Consider the Colonial Pipeline cyberattack of May 2021, a ransomware attack on one of the largest fuel pipeline systems in the US. The incident caused widespread concern among consumers about the availability of gasoline to run their cars and severely impacted their ability to conduct normal, day-to-day activities. It also raised concern about the impact of cyberattacks on essential services and awareness of the need for enhanced cybersecurity measures.
Given these predictions, we strongly advise organizations to adopt a preemptive cybersecurity strategy. Conducting continuous security assessments, implementing employee training programs, and collaborating with security experts in your industry will be crucial in fortifying defenses against the evolving threat landscape.
Additionally, embracing an autonomous approach to actively discover and remediate vulnerabilities or weaknesses, and to confirm that they are fixed, can save your security team valuable time. Incorporating a routine penetration testing schedule ensures prompt results and guarantees timely implementation of mitigations and verifications. This proactive stance is key to staying ahead of emerging cyber threats.